On Tue, Jul 28, 2009 at 4:32 PM, Martin Packer <[email protected]>wrote:
> I've spoken about the "Denial Of Service Attack" possibility many times in > the past. I believe it to be real (if you'll pardon the pun). :-) > IEFUSI/MEMLIMIT have to be effective to contain that. It's not, as has > been said, a decision for end user groups / businesses but rather it's > basic technical hygiene. > The basic problem is that there is no empirical way to distinguish between a legitimate critical business function that needs a few more gogglebytes "right now!" and Joe Dope the app dev whiz kid trying to run a squillion objects in his jvm in twenty batch jobs "coz its cool". IEFUSI and all of the other arcane mechanisms are of very questionable value in each case. Chances are good they would reject the first (legitimate) use and not stop Joe the Dope.. They get in the way of legitimate resource usage and since they require source code modification, assembly and dynamic replacement to get past a middle of the night "oops", they are probably not the best way to tackle the problem. These are old mechanisms of very limited flexibility or usefulness. The z community needs better ones now. It is long past time that the OS began to take care of these resource management issues itself instead of making the system programmer and application programmer play this inane game of guessing how much (virtual!!!) memory a given application is going to use. There is no correct answer. -- This email might be from the artist formerly known as CC (or not) You be the judge. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
